An entity we refer to herein as an Original Equipment Manufacturer (OEM) that is involved in the design and eventual marketing and sales of a given device may hire a third party to manufacture the given device. Along with a list of hardware materials to assemble and the assembly instructions, the OEM may provide the third party (manufacturer) with software to be loaded on the given device during manufacturing. More particularly, the OEM may provide the manufacturer with a secondary boot loader and an OEM operating system.
One manner in which the security of a device may be enhanced, that is, to ensure that the operating system executed on a given device is an operating system intended to be executed on the given device, is to cryptographically sign the OEM operating system. To cryptographically sign an operating system, a code signing server may, first, utilize the code of the operating system as input to a hash function to obtain a digital signature. SHA-512 is a hash algorithm designed by the United States National Security Agency (NSA) and published by the United States National Institute of Standards and Technology (NIST) in Federal Information Processing Standards (FIPS) PUB 180-2. Subsequently, the code signing server may encode the digital signature using a code signing private key. The code signing server may then append the encoded digital signature, which may be called a cryptographic signature or cryptographic identifier (“ID”), to the operating system code.
During manufacture, the OEM operating system is loaded onto the given device. During the boot sequence, the secondary boot loader may obtain the code of the operating system and a cryptographic ID that is associated with the OEM operating system. The secondary boot loader may provide the code of the OEM operating system as input to the same hash function used by the code signing server. As a result of providing the OEM operating system code to the hash function, the secondary boot loader receives a local digital signature as the output of the hash function. The secondary boot loader then decodes the encoded digital signature associated with the OEM operating system with the code signing public key. The OEM operating system may be considered to be authenticated if the secondary boot loader finds that the decoded digital signature is a match for the local digital signature. Upon determining that the decoded digital signature is a match for the local digital signature, the secondary boot loader allows the processor to execute the OEM operating system. If the secondary boot loader fails to find a match between the decoded digital signature and the local digital signature, then the secondary boot loader denies the processor the ability to execute the OEM operating system.
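
The signing and boot-time verification steps described above can be sketched as follows. This is an added example, not code from the original text. It assumes SHA-512 as the hash function, unpadded RSA as the encoding step, and a constructed demonstration key built from two publicly known Mersenne primes; the function names and the image layout (signature appended as a fixed-length trailer) are hypothetical. A production design would use a padded signature scheme from a vetted library and a properly generated key.

```python
import hashlib
import hmac

# Constructed demonstration key (assumption): two publicly known Mersenne primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # modulus, part of the public key
E = 65537                                # public exponent, held by the boot loader
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held only by the signing server
SIG_LEN = (N.bit_length() + 7) // 8      # length in bytes of the appended cryptographic ID


def digest(code: bytes) -> int:
    """Hash the operating system code (the text's 'digital signature')."""
    return int.from_bytes(hashlib.sha512(code).digest(), "big")


def sign_image(code: bytes) -> bytes:
    """Code signing server: hash, encode with the private key, append."""
    crypto_id = pow(digest(code), D, N)
    return code + crypto_id.to_bytes(SIG_LEN, "big")


def boot_verify(image: bytes) -> bool:
    """Secondary boot loader: True only if the OS may be executed."""
    if len(image) <= SIG_LEN:            # no room for code plus trailer
        return False
    code = image[:-SIG_LEN]
    crypto_id = int.from_bytes(image[-SIG_LEN:], "big")
    if crypto_id >= N:                   # not a valid encoded value
        return False
    decoded = pow(crypto_id, E, N)       # decode with the public key
    local = digest(code)                 # local digital signature
    return hmac.compare_digest(decoded.to_bytes(SIG_LEN, "big"),
                               local.to_bytes(SIG_LEN, "big"))


if __name__ == "__main__":
    os_code = b"\x7fOEM-OS constructed sample image" * 64   # constructed sample
    signed = sign_image(os_code)
    patched = bytearray(signed)
    patched[10] ^= 0x01                  # single-bit change in the OS code
    print("genuine image boots: ", boot_verify(signed))
    print("modified image boots:", boot_verify(bytes(patched)))
```
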